07-08-2015 05:54 AM - edited 03-05-2019 01:49 AM
hello
i am trying to monitoring an 5505 ASA via the inside interface from a server that's coming from the outside. which keeps on failing but it works fine if i put in the outside interface as a destination.
for the love of god i have been trying everything and cant get something so simple to work. below is what i have configured. is there natting which i will have to enable so i can make this work?
!
interface Ethernet0/0
description Uplink to VM LAB
switchport access vlan 10
!
interface Ethernet0/1
description Uplink to Corp NW
switchport access vlan 99
!
interface Ethernet0/2
shutdown
!
interface Ethernet0/3
shutdown
!
interface Ethernet0/4
shutdown
!
interface Ethernet0/5
shutdown
!
interface Ethernet0/6
shutdown
!
interface Ethernet0/7
!
interface Vlan1
no nameif
no security-level
no ip address
!
interface Vlan2
nameif management
security-level 0
!
interface Vlan10
nameif inside
security-level 100
ip address 10.3.249.254 255.255.255.0
!
interface Vlan99
nameif outside
security-level 0
ip address 10.3.250.20 255.255.255.0
!
snmp-server group d###s v3 priv
snmp-server host inside 10.3.210.225 community ***** version 2c
snmp-server host outside 10.3.210.225 community ***** version 2c
snmp-server location Engen IBD LAB
snmp-server contact R####
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart
snmp-server enable traps syslog
07-08-2015 11:04 AM
"which keeps on failing but it works fine if i put in the outside interface as a destination."
This is an expected behavior of the ASA.
You must configure on which interface snmp queries are coming to the ASA, firewall cannot assume thing on its own.
07-08-2015 11:00 PM
hi,
is 10.3.210.255 located on the 'inside' or 'outside' the ASA?
do you have static routes configured?
can you at least ping 10.3.210.225?
07-09-2015 02:51 AM
i have test ping but keep on failing, the 10.3.210.225 is located on the outside and we are trying to monitor the inside interface for snmp.
we currently found an alternative and thats to run snmp V3 on the ouside interface for secure reasons.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide